Method and system for cluster managing of network facilities

ABSTRACT

An object of the present invention is to provide a management method for network devices that can implement centralized management of a large number of network devices with a small amount of IP resources, thereby reducing maintenance workload and facilitating network management. In the management method of network devices according to the present invention, a plurality of network devices compose a cluster, wherein at least one network device is designated as the cluster management device and is configured with a public IP address; other network devices are configured and updated with private IP addresses and routes by said cluster management device; the network management device manages the network devices in the cluster through the following steps: (A) establishing, by said cluster management device, IP data channels via said cluster management device between the network devices in the cluster and said network management device; and (B) managing, by said network management device, the network devices in the cluster through said IP data channels.

FIELD OF THE INVENTION

The present invention relates to a network device management method, particularly to a method of managing Transmission Control Protocol/Internet Protocol (TCP/IP) network devices in a cluster manner and an apparatus thereof.

BACKGROUND OF THE INVENTION

As network scale and scope enlarge quickly, people's activities rely on network services more and more, and the network load becomes heavier and heavier; whether from the viewpoint of network subscribers or from the viewpoint of network administrators, it is increasingly urgent to manage networks effectively.

In today's network environments, there are mainly 3 approaches to the management of network devices, which are described in turn below.

The first approach is to connect a network management device directly to the network devices to be managed via serial ports, to implement configuration management of the network devices. The major advantage of this approach lies in its simple management means, which need no additional devices; furthermore, since the network devices to be managed are connected directly via serial ports, it is unnecessary to allocate management IP addresses to them when they are configured, which saves IP resources. However, since the network devices may be distributed over a large area, in particular in a telecom network, where a large number of data devices are distributed across the network, such a management approach will inevitably make maintenance work difficult and cause a heavy workload.

The second approach is to manage TCP/IP network devices remotely on the basis of the Simple Network Management Protocol (SNMP) or the terminal emulation protocol TELNET. Compared with the first approach, since the network management procedure is implemented on a standard IP protocol stack, it is simple to implement and light in workload; in addition, it has little correlation with other devices, so that the administrator can implement remote management of the network devices to be managed through a network management terminal or TELNET emulation terminal. However, the major disadvantage is that each network device to be managed has to be allocated a public network IP address, which wastes IP address resources; in a telecom network with a large number of devices, that disadvantage is especially severe.

The last approach builds on the second approach; its core idea is to take the serial numbers allocated to network devices by the device manufacturer as device addresses to implement management of network devices. Such an approach can therefore save IP address resources; however, it is applicable only to devices from a specific manufacturer, and the network management program runs on a private protocol stack, so the management protocol has almost no openness and is unable to implement unified management of network devices from different manufacturers.

SUMMARY OF THE INVENTION

An object of the present invention is to provide a method of cluster management of network devices, which can implement centralized management of a large number of TCP/IP network devices with a small amount of IP address resources, and thereby reduces maintenance workload and simplifies network management.

Another object of the present invention is to provide an apparatus for cluster management of network devices.

To attain the above objects, in the method of cluster management of network devices of the present invention, a plurality of network devices compose a cluster, wherein at least one network device is set as the cluster management device and configured with a public IP address; other network devices are configured and updated with private IP addresses and routes by said cluster management device; said network management device manages the network devices in the cluster according to the following steps:

(A) establishing, by said cluster management device, IP data channels via said cluster management device between the network devices in the cluster and said network management device; and

(B) managing, by said network management device, the network devices in the cluster through said IP data channels.

Preferably, in the above method of managing network devices, said cluster management device configures and updates the other network devices with private IP addresses and routes according to information of topological architecture of the network and device information of the network devices in the cluster. More preferably, said cluster management device configures the other network devices with private IP addresses dynamically.

Preferably, in the above method of managing network devices, said cluster comprises a plurality of said cluster management devices, and one of the cluster management devices is responsible for managing the configuration and update of private IP addresses and routes of the network devices in the cluster as well as the communication between said network management device and the network devices in the cluster; in case said cluster management device fails, one of the other cluster management devices is designated, according to a predetermined policy, to be responsible for managing the configuration and update of private IP addresses and routes of the network devices in the cluster as well as the communication between said network management device and the network devices in the cluster.

In the present invention, the plurality of network devices compose a cluster through the following steps:

(1) designating, by the network management device, a device in the network as the cluster management device and configuring the device correspondingly;

(2) initiating, by the cluster management device, a topology acquisition process to acquire information of topological architecture of the network within a specified number of hops in the network;

(3) designating, by the network management device, candidate devices to be added to the cluster in the topological architecture according to the information of topological architecture acquired from the cluster management device, and informing the cluster management device to start the cluster member device addition process;

(4) adding, by the cluster management device, the designated candidate devices to the cluster and configuring the candidate devices correspondingly, so that the candidate devices become member devices of the cluster;

(5) after the cluster is established, managing the member devices in the cluster by the cluster management device, and forwarding management messages that come from outside the cluster and are destined to the member devices through the standard Network Address Translation (NAT) process to the corresponding member devices, the member devices processing the management messages according to their normal processing procedure.

Said configuring the cluster management device correspondingly as described in step (1) includes configuring the following items on the device: cluster name, enable state of cluster, management IP address pool of cluster, state retention time of cluster, handshaking time interval of member devices, role of the management device in the cluster, and IP address of the management device.

The process of adding candidate network devices to the cluster in step (4) comprises:

(A1) sending, by the cluster management device, cluster addition requests to candidate network devices that can be added to the cluster;

(A2) determining, by the candidate device, whether it can be added to the cluster according to its own condition; if the candidate device cannot be added to the cluster, feeding back a reject response and terminating the cluster addition process; otherwise feeding back an accept response to the cluster management device;

(A3) after receiving the response from the candidate device, and if the candidate device agrees to be added to the cluster, sending, by the cluster management device, a configuration message containing private IP address, member number, handshaking interval, state retention time, etc. to said candidate device; after receiving the message, the candidate device configures itself correspondingly and sends a complete response to the cluster management device after the configuration.

In step (A2), determining whether the candidate device itself can be added to the cluster is implemented through determining whether the candidate device is already in another cluster and whether the software version in the device supports cluster management.

In step (A2), before feeding back the accept response to the cluster management device, the candidate device determines whether a super user password is set on itself; if a super user password has not been set, the candidate device feeds back the accept response message directly; if a super user password has been set, the candidate device feeds back an authentication request to the cluster management device; then, the candidate device performs authentication according to the authentication information sent from the management device; if the authentication is successful, the candidate device feeds back the accept response; otherwise it feeds back a reject response to the cluster management device.

The necessary configuration for each member device added to the cluster in step (4) includes configuring each member device with the following items: member device number, private IP address of member device, name of member device, state of member device, operating state of member device, and cluster management password.

The identification of each member device added to the cluster in step (4) is performed with a data structure comprising the following fields:

network type: designed to identify the type of network where the device is;

physical address: designed to identify the physical address of the device in the network.

In the above network device management method, in step (1), said cluster management device establishes IP data channels via said cluster management device between said network management device and the network devices in the cluster with stream transform technology or address translation technology.

The cluster management apparatus for network devices according to the present invention comprises a cluster device manager and a member device manager, wherein:

said cluster device manager comprises:

a translation module, designed to perform network address translation for management messages of member devices;

a DHCP-like module, designed to accomplish allocation of private IP addresses to member network devices;

a cluster member management module, designed to manage member network devices in a centralized manner, and to forward management messages, which are from outside of the cluster and destined to member devices, through the standard network address translation module to the respective member devices, so that the member devices can process the management messages according to their normal processing procedure;

a topological information processing module, designed to detect the topological architecture of the network and to acquire the information of topological architecture of the network within a specified number of hops in the network;

said member device manager comprises:

a cluster member management module, designed to accomplish cluster management at the member device end;

a topological information processing module, designed to accomplish detection of adjacent devices and response/forwarding of topology acquisition requests.

It can be seen from the above description that the present invention can be implemented on the existing IP protocol stack through configuring each member device added to the cluster (including allocating private IP addresses and identifying the devices); therefore, it is simple to implement and has good openness, facilitating management of network devices from different manufacturers. Through the use of private IP addresses in management of the network devices, it saves valuable public IP address resources. In addition, since the present invention uses standard NAT to forward device management messages, it is easy to implement in hardware, which enhances the universality of the present invention, reduces the load on the CPUs of the management devices, and implements centralized management of a large number of network devices. Therefore, with the present invention, effective cluster management of network devices can be implemented.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram of the cluster management system with the method of the present invention;

FIG. 2 is a flow diagram of the method with which a plurality of network devices compose a cluster according to the present invention;

FIG. 3 is a flow diagram of adding a candidate network device to the cluster, which is used in the method shown in FIG. 2;

FIG. 4 is a structural block diagram of an embodiment of the apparatus according to the present invention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

The core idea of the present invention is: a plurality of network devices compose a cluster, wherein the network device designated as the cluster management device is allocated a public IP address, and the other network devices use a private IP address segment configured and updated by the cluster management device; the cluster management device is the only external management interface of the entire cluster. In other words, whenever the network management device tries to access or manage any network device in the cluster, an IP data channel via the cluster management device has to be established. In this way, the network devices in the cluster are managed in a centralized manner. The above public IP address may be configured by the network management device outside of the cluster or configured on the cluster management device by the subscriber.

FIG. 1 is a schematic diagram of the cluster management system with the method of the present invention. As shown in FIG. 1, the IP address of the network management device station (i.e., network management device) is 69.110.1.100; the network administrator designates a network device in the cluster as the command switch (usually a Layer-3 switch or a network device with higher performance) and allocates a public IP address 69.110.1.1 to it (e.g., configured via the command line interface of the network management device or that of the command switch); there is also a backup switch (usually a Layer-3 switch or a network device with higher performance) in the cluster and member switches 1 to 3 (usually a Layer-2 switch or low-end network device with similar function). In the cluster shown in FIG. 1, the command switch is equivalent to the cluster management device, and is responsible for establishment, centralized management, and maintenance of the entire cluster network, including addition/deletion of member devices, maintenance of states of member devices, and information acquisition of topological architecture of the cluster network, e.g., allocating private IP addresses and routes to the member switches. To enhance reliability of network management and avoid the effect of a single point of failure on the cluster management function, a backup switch or backup cluster management device shall also be configured, so that the backup switch can take over the task of the command switch and continue to manage the entire cluster network in a centralized manner in case the command switch fails. After member devices are added to the cluster, the user can manage them remotely through the command switch, including configuration and inquiry operations. In addition, a switch with the cluster management function may also determine by its configuration whether to join the cluster, for instance the candidate switch with the cluster management function shown in FIG. 1.

To save public IP address resources as far as possible, for a cluster, only the command switch in the cluster is allocated a public IP address, and other network devices with the cluster management function are not allocated public IP addresses; in case the command switch fails, the public IP address of the command switch is allocated to the substituting backup switch, or a new public IP address may be allocated to the backup switch which substitutes the command switch. After such a switching, the specific cluster configuration update will be started and accomplished by the new command switch.

During centralized management of the network devices with the standard protocol stack and private IP address segment according to the present invention, the plurality of network devices compose a cluster through the following steps, as shown in FIG. 2, which shows the detailed embodiment. Firstly, in step 1, a device (usually a Layer-3 switch or a network device with higher performance) in the network is designated as the cluster management device by the network management device or by the user through the command line, and then the device is configured correspondingly; in the embodiment, the items configured include:

cluster name: the name that identifies the managed cluster;

cluster enable state: designed to identify whether the managed cluster is in enabled state;

cluster management IP address pool: the private IP address segment configured for member devices;

cluster retention time: designed to indicate the duration after which the member is deemed disconnected from the management device if no handshaking message from the member device is received;

handshaking time interval: designed to configure the time interval at which handshaking messages are sent between the member device and the management device;

role of the management device in the cluster: designed to identify whether the device is a management device or a member device;

management IP address of the management device: the IP address designed to identify the management device for communication in the cluster.

In step 2, the scope of the management cluster is determined first; to this end, the network management device determines the number of hops for acquisition of network topology, and then the cluster management device initiates a topology acquisition process to acquire information of topological architecture of the network within the specified number of hops in the network, in order to acquire information of the managed devices to be added into the management cluster, the information including the MAC address and interconnection port number of each managed device.

In step 3, the network management device/command line user decides whether to establish a device management cluster according to the topological information acquired by the cluster management device and other relevant information; for instance, in case there are only a few devices, the scope of the management cluster shall be reselected, instead of establishing the management cluster immediately. If a management cluster can be established, the network management device/command line user notifies the cluster management device to start the member device addition process.

In step 4, the cluster management device determines the candidate devices that can be added into the cluster and adds the determined candidate devices to the cluster so that the devices become member devices of the cluster; at the same time, the cluster management device configures each member device added to the cluster, including allocating a private IP address and member number. In a practical communication network, a device need not be connected to the Internet or another dedicated network in some instances; in this case, it is unnecessary to follow the regulations for IP address application and registration, and that device may use any address, e.g., a private IP address. RFC 1597 (Address Allocation for Private Internets) defines the following IP address segments for use as private addresses:

Class A addresses: 10.0.0.0 to 10.255.255.255

Class B addresses: 172.16.0.0 to 172.31.255.255

Class C addresses: 192.168.0.0 to 192.168.255.255

Therefore, the above private IP addresses may be used in management of devices in the cluster.

The configuration (including allocating private IP address and member number) of each member device added to the cluster includes configuring the following items:

cluster name: designed to identify the name of the cluster where the current switch is;

cluster password: a uniform cluster management password, designed to authenticate management processes in the cluster;

member device number: designed to identify the device uniquely in the cluster. It is an internal number for indexing in the implementation;

private IP address of member device: the network address of the member device for communication in the IP network;

IP address of the management device: designed for IP-based communication between the member devices and the management device in the cluster;

name of member device: designed to identify the name of the device.

In the embodiment, the identification of each member device that is added to the cluster is performed with the data structure comprising the following fields:

Type (2 bytes) | Reserved (2 bytes) | Physical Address of Device in the network (6 bytes)

network type (Type): designed to identify the type of the network where the device is;

physical address: designed to identify the physical address of the device in the network and represented with characters.

There are 10 bytes in all in the above structure, wherein the Type field comprises 2 bytes, the Physical Address field comprises 6 bytes, and the Reserved field comprises 2 bytes for other uses. With the above structure, it is unnecessary to use manufacturer-defined device identification methods. The method helps to ensure uniqueness of each device; device uniqueness is ensured by uniqueness of the physical address. Furthermore, such an identification is not limited to a certain physical network; for example, if Type=0, the physical address of the device in the network is expressed as an Ethernet address. The Type may be extended according to the physical network where the device is.
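The 10-byte identifier described above can be encoded and validated as follows. This is an added example, not part of the patent text; big-endian byte order, the unicast check and the `MemberTable` class are assumptions made for illustration.

```python
import struct
from typing import NamedTuple

# Layout from the text: Type (2 bytes) | Reserved (2 bytes) | Physical Address (6 bytes).
# Assumption: multi-byte fields are big-endian (network byte order); the page does not say.
ID_FORMAT = "!HH6s"
ID_LENGTH = struct.calcsize(ID_FORMAT)  # 10 bytes, as stated in the text
TYPE_ETHERNET = 0  # the only Type value the page defines


class DeviceId(NamedTuple):
    net_type: int
    reserved: int
    physical: bytes

    def key(self):
        """Uniqueness key: the Reserved field is not part of a device's identity."""
        return (self.net_type, self.physical)


def pack_device_id(mac, net_type=TYPE_ETHERNET, reserved=0):
    """Encode a textual MAC address ("00:11:22:33:44:55") as the 10-byte identifier."""
    physical = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(physical) != 6:
        raise ValueError("physical address must be exactly 6 bytes")
    return struct.pack(ID_FORMAT, net_type, reserved, physical)


def parse_device_id(raw):
    """Decode and validate an identifier received from the network."""
    if len(raw) != ID_LENGTH:
        raise ValueError(f"identifier must be {ID_LENGTH} bytes, got {len(raw)}")
    dev = DeviceId(*struct.unpack(ID_FORMAT, raw))
    if dev.net_type != TYPE_ETHERNET:
        raise ValueError(f"unsupported network type {dev.net_type}")
    # Added check: uniqueness rests on the physical address, so an all-zero or
    # group (multicast/broadcast) Ethernet address cannot identify one device.
    if dev.physical == bytes(6) or dev.physical[0] & 0x01:
        raise ValueError("physical address is not a unicast address")
    return dev


class MemberTable:
    """Hypothetical member list kept on the cluster management device."""

    def __init__(self):
        self._numbers = {}

    def add(self, raw, member_number):
        dev = parse_device_id(raw)
        if dev.key() in self._numbers:
            raise ValueError("a member with this physical address already exists")
        self._numbers[dev.key()] = member_number
        return dev

    def member_number(self, raw):
        return self._numbers.get(parse_device_id(raw).key())
```
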

In the above step 4, the process through which a candidate network device is added to the cluster comprises the following steps, referring to FIG. 3:

In step 11, the cluster management device sends a cluster addition request to the candidate network device that can be added to the cluster. In step 12, the candidate device determines whether it can be added to the cluster according to its condition, e.g., whether the candidate device is in another cluster, or whether the software version in the device supports cluster management; if the candidate device cannot be added to the cluster, it terminates the addition process and feeds back a reject response to the cluster management device; otherwise, in step 13, the candidate device determines whether a super user password is set; if not, authentication is unnecessary, and the candidate device feeds back an accept response directly; if the device has set a password, the candidate device authenticates the management device in step 14; if the authentication is successful, the candidate device feeds back an accept response in step 15; otherwise the candidate device feeds back a reject message and terminates the cluster addition operation.

The device authentication operation described above is as follows: first, the candidate device returns a message containing a challenge for authentication to the management network device; after receiving the message, the cluster management device utilizes the challenge to encrypt the authentication information including the candidate network device and authentication password (which may be a cluster management password sent by the cluster network device), and then encapsulates the authentication information into a response message, and sends the message to the respective candidate device; after the candidate device authenticates and confirms the identity of the management network device, it returns an accept acknowledge message to the management network device.

In step 16, after receiving the accept response from the candidate network device, the cluster management device allocates a cluster member identifier, a private IP address for management, and other configuration information to the candidate network device, encapsulates the information and a password (which may be encrypted) into a configuration message, and sends the message to the candidate device; after receiving the message, the candidate device parses out the configuration information including the password, the cluster management number, and the management private IP therein, and records the configuration information sent from the cluster management device; then, the candidate network device changes its role to a member switch, and returns a complete message to the cluster management device; after receiving the complete message from the candidate network device, the cluster management device identifies the candidate network device as a cluster member. Thus, the candidate device addition process ends.
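The exchange of steps 11 to 16, modelled from the candidate device's side, as an added example that is not part of the patent text. The text does not name the algorithm used with the challenge, so HMAC-SHA256 stands in for it here; the message names and the `Candidate`, `auth_proof` and `join` identifiers are assumptions.

```python
import hashlib
import hmac
import secrets


def auth_proof(password, challenge, device_id):
    """Keyed proof over the challenge and the candidate's identifier.

    Assumption: the page says only that the challenge is used to "encrypt" the
    authentication information; HMAC-SHA256 is used here in its place.
    """
    return hmac.new(password.encode(), challenge + device_id, hashlib.sha256).digest()


class Candidate:
    """Candidate-device side of steps 12 to 16."""

    def __init__(self, device_id, super_password=None, supports_cluster=True,
                 current_cluster=None):
        self.device_id = device_id
        self.super_password = super_password
        self.supports_cluster = supports_cluster
        self.current_cluster = current_cluster
        self.role = "candidate"
        self.member_number = None
        self.private_ip = None
        self._challenge = None
        self._accepted = False

    def on_add_request(self):
        # Step 12: refuse if already in a cluster or the software lacks support.
        if self.current_cluster is not None or not self.supports_cluster:
            return "reject", None
        # Step 13: with no super user password set, accept without authentication.
        if self.super_password is None:
            self._accepted = True
            return "accept", None
        self._challenge = secrets.token_bytes(16)  # fresh for every request
        return "auth_request", self._challenge

    def on_auth_response(self, proof):
        # Steps 14-15: a challenge is consumed on first use, so a recorded
        # response cannot be replayed against a later request.
        challenge, self._challenge = self._challenge, None
        if challenge is None:
            return "reject", None
        expected = auth_proof(self.super_password, challenge, self.device_id)
        if not hmac.compare_digest(expected, proof):
            return "reject", None
        self._accepted = True
        return "accept", None

    def on_config(self, cluster_name, member_number, private_ip):
        # Step 16: configuration is honoured only after an accept response.
        if not self._accepted:
            return "reject", None
        self._accepted = False
        self.current_cluster = cluster_name
        self.member_number = member_number
        self.private_ip = private_ip
        self.role = "member"
        return "complete", None


def join(candidate, cluster_name, password, member_number, private_ip):
    """Management-device side of steps 11 to 16; returns the last message type."""
    kind, challenge = candidate.on_add_request()  # step 11: addition request
    if kind == "auth_request":
        proof = auth_proof(password, challenge, candidate.device_id)
        kind, _ = candidate.on_auth_response(proof)
    if kind != "accept":
        return kind
    kind, _ = candidate.on_config(cluster_name, member_number, private_ip)
    return kind
```

A candidate with no super user password takes the direct-accept branch of step 13, so in this flow the management device is authenticated only when that password has been set.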

FIG. 4 is a structural block diagram of an embodiment of the apparatus according to the present invention. The cluster management apparatus for network devices shown in the diagram comprises a cluster device manager A1 disposed at the command switch end and a cluster member device manager A2 at the member switch end, wherein:

the cluster device manager A1 is disposed in the cluster management device and is designed to implement cluster management of member devices, comprising:

a translation module A11, designed to perform network address translation for management messages of member devices;

a DHCP-like module A12, designed to accomplish allocation of private IP addresses to member network devices;

a cluster member management module A13, designed to manage member network devices in a centralized manner, and to forward management messages, which are from outside of the cluster and destined to member devices, through the standard network address translation module to the respective member devices, so that the member devices can process the management messages according to normal processing procedures;

a topological information processing module A14, designed to detect the topological architecture of the network and to acquire the information of topological architecture of the network within a specified number of hops in the network;

the member device manager A2 is disposed in the managed member device and is designed to implement management at the member device side in the cluster management, comprising:

a cluster member management module A21, designed to accomplish cluster management at the member device end;

a topological information processing module A22, designed to accomplish detection of adjacent devices and response/forwarding of topology acquisition requests.

When the above apparatus is used for cluster management of network devices, first, the topological information processing module A14 acquires information of topological architecture of the network within a specified number of hops in the network through the topological information processing module A22 at the candidate device side, and sends the information to the cluster member management module A13; the cluster member management module A13 sends a cluster addition request to the cluster member management module A21 in the candidate device that can be added to the cluster; the cluster member management module A21 determines whether to be added to the cluster according to its conditions, and feeds back an accept or a reject response to the cluster member management module A13; when the cluster member management module A13 receives an accept message from the candidate device, the DHCP-like module A12 allocates a private IP address for the member network device and sends the private IP address, together with configuration information including member number, handshaking interval, and state retention time, etc., to the cluster member management module A21 in the candidate device via the cluster member management module A13; the cluster member management module A21 uses the information to configure the device accordingly, and feeds back a complete response to the cluster management device after the configuration operation. After the candidate device becomes a member device of the cluster, the management messages, which are from outside of the cluster and destined to the member device, will be processed by standard network address translation at the translation module A11 and then forwarded to the cluster member management module A21 of the respective member device via the cluster member management module A13, so that the member device can process the management messages through its usual processing procedures.

Hereunder a preferred embodiment of implementing cluster management in the cluster shown in FIG. 1 is described with reference to FIG. 4. As shown in FIG. 4, a translation module A11, a DHCP-like module A12, a cluster member management module A13, and a topological information processing module A14 are disposed at the command switch end; a cluster member management module A21 and a topological information processing module A22 are disposed in each member switch. Hereunder the function of each module and the cooperative working flow among the modules are described.

The topological information processing module shown in FIG. 4 is designed to acquire information of topological architecture of the network and that of network devices; in particular, the topological information processing module implements the network device detection function and obtains information of topological architecture of the network through processing the acquired information of devices, e.g., device type and software/hardware version.

After power on, the topological information processing modules in the command switch and the member switch send topological information processing messages, containing information of the devices in which the respective modules are, to other surrounding immediate adjacent devices periodically; at the same time, they also receive topological information processing messages containing information of device from surrounding adjacent devices and process the information correspondingly; for instance, if the received message is from an unregistered new device, the topological information processing module adds a new entry in the information buffer of adjacent devices to store information of the new device, and begins timing for the new entry; if the module hasn't yet received any new message from a registered device within a specified time period, it ages the corresponding entry; if the information contained in the received message is different from the information previously stored for the registered device, it updates the previously stored information, and restarts timing. The periodical transmission of information of device (topological information processing message) by the topological information processing module may be implemented with a timer; for instance, when the timer reaches the set value, the module begins to send the information of device (topological information processing message); after the transmission is completed, the timer resets and restarts timing. In addition, the transmission of information of device (topological information processing message) is independent of the standard spanning tree protocol (STP); it may be performed as long as there are physical connections between the network devices. The topological information processing messages will pass through STP-blocked ports, but they are forbidden to be forwarded, i.e., the topological information processing messages are only valid within 1 hop range. In this way, the device always knows the state and topological architecture of its adjacent devices.
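
The add, update and age rules for the information buffer of adjacent devices can be modelled as follows. This is an added example, not code from the patent; keying entries by sender MAC address, the name `hold_time`, and treating "ages the entry" as removal are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    info: dict        # device information from the last message
    last_seen: float  # when the aging timer was last (re)started

class NeighborTable:
    """Information buffer of adjacent devices, keyed by sender MAC (assumed key)."""

    def __init__(self, hold_time):
        self.hold_time = hold_time  # assumed name for the "specified time period"
        self.entries = {}

    def receive(self, mac, info, now):
        """Process one 1-hop message and report what changed."""
        entry = self.entries.get(mac)
        if entry is None:          # unregistered device: new entry, start timing
            self.entries[mac] = Entry(dict(info), now)
            return "added"
        changed = entry.info != info
        if changed:                # registered device, new information: update
            entry.info = dict(info)
        entry.last_seen = now      # any message restarts the timer
        return "updated" if changed else "refreshed"

    def age(self, now):
        """Drop entries not heard from within hold_time; return their MACs."""
        stale = [m for m, e in self.entries.items()
                 if now - e.last_seen > self.hold_time]
        for mac in stale:
            del self.entries[mac]
        return stale

def demo():
    # Constructed sample messages (documentation-range MAC addresses).
    table = NeighborTable(hold_time=180)
    a, b = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    return [
        table.receive(a, {"type": "switch", "version": "1.0"}, now=0),
        table.receive(b, {"type": "switch", "version": "1.0"}, now=10),
        table.receive(a, {"type": "switch", "version": "1.1"}, now=100),
        ",".join(table.age(now=200)),  # b silent for 190 s, a heard 100 s ago
    ]
```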

When the information of topological architecture of network is required or a cluster is to be established, the topological information processing module may be triggered to acquire information through the following steps: first, the acquisition scope is configured at the acquisition initiating device (the device may not always be the command switch; when necessary, a member device may also be the acquisition initiator), then, the topological information processing module of the device sends an acquisition request to the surrounding adjacent devices. After the topological information processing module of a surrounding adjacent device receives the request, it returns a response message containing the information of device to the initiating device and decreases the number of hops by 1; if the number of hops is not equal to 0 after it is decreased by 1, the topological information processing module of the adjacent device forwards the request to its adjacent network devices; otherwise it stops forwarding. To avoid flooding resulting from repeated message sending and loops, the topological information processing module shall send or forward the request messages depending on the STP tree. The topological information processing module of the acquisition initiating device processes the response message containing the information of device to obtain the information of topological architecture of network within the acquisition scope. To ensure integrity and availability of the information of topological architecture of network, the topological information processing module performs acquisition and processing on the data link layer.
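
The hop-limited acquisition described above can be simulated over a small topology. This is an added example, not code from the patent; the function names, the link representation and the sample topology are constructed for illustration.

```python
from collections import deque

def forwarding_tree(links, blocked):
    """Adjacency map that keeps only links STP leaves in forwarding state."""
    tree = {}
    for a, b in links:
        tree.setdefault(a, set())
        tree.setdefault(b, set())
        if (a, b) not in blocked and (b, a) not in blocked:
            tree[a].add(b)
            tree[b].add(a)
    return tree

def acquire_topology(tree, initiator, hops):
    """Return {device: (distance, upstream)} for every device that responds."""
    if hops < 1:
        raise ValueError("acquisition scope must be at least 1 hop")
    responses = {}
    queue = deque((nbr, initiator, hops) for nbr in sorted(tree[initiator]))
    while queue:
        device, sender, remaining = queue.popleft()
        if device == initiator or device in responses:
            continue  # defensive: a correct STP tree has no loops
        responses[device] = (hops - remaining + 1, sender)  # response to initiator
        remaining -= 1                                       # decrease hops by 1
        if remaining != 0:                                   # otherwise stop forwarding
            for nbr in sorted(tree[device]):
                if nbr != sender:
                    queue.append((nbr, device, remaining))
    return responses

# Constructed sample: physical links, one of them blocked by STP.
LINKS = [("cmd", "sw1"), ("cmd", "sw2"), ("sw1", "sw3"),
         ("sw2", "sw3"), ("sw3", "sw4")]
BLOCKED = {("sw2", "sw3")}
```

With a scope of 2 hops, `sw3` is reached only through `sw1` because the `sw2`-`sw3` link is blocked, and `sw4` does not respond.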

After obtaining the information of topological architecture of network through the topological information processing module, the command switch begins to establish a cluster. In particular, first, the cluster member management module at the command switch end obtains information of relevant candidate switches (i.e., network devices that can be added to the cluster but haven't been added to) from the topological information processing module, and then cooperates with the cluster member management module at the candidate switch end to add the candidate switches to the cluster in auto mode (i.e., add all candidate switches to the cluster automatically) or manual mode (i.e., the user specifies the candidate switches to be added to the cluster from the list of candidate devices). If the user has known the information (e.g., MAC Address) of the candidate network device, the step of acquiring the information of topological architecture performed by the topological information processing module may be omitted, and the user may add the device to the cluster through manual operation directly.

When a candidate switch is added to the cluster, the member management module at the command switch end treats the managed device (the candidate member switch) as a special user, and allocates a private IP address and configures the candidate member device with relevant route dynamically through the DHCP-like module, so that an IP data channel between the command switch and the member switch is established in the cluster. After the member device is configured with a private IP address, an IP data channel for communication inside the cluster and outside the cluster shall also be established. To this end, the cluster member management module at the command switch end also configures the member device with the private IP address translation policy through the translation module when the member device is added, and establishes an IP data channel so that network management device station outside the cluster can access the member devices inside the cluster, or the member devices can access the network management device station. The conversion may be performed with stream transform technology or NAT technology. In conclusion, through the above configuration, an IP data channel between the network management device and a member switch is established via the command switch, and the user can manage the plurality of devices in the cluster with a public IP address through the remote network management station.

After a member switch is added to the cluster, the member switch can start the handshaking process with the command switch through respective cluster member management modules, so as to maintain the state of cluster.

Besides the above primary function modules, backup modules (not shown) can also be used to implement backup function for the command switch, i.e., through designating a backup switch, the management function of the command switch can be handed over to the designated backup command switch with the specified policy in case the command switch fails, and thereby system halt resulting from single point failure at the command switch can be avoided.

1. A management method of network devices, wherein a plurality of network devices compose a cluster, and wherein at least one network device is set as the cluster management device and configured with a public IP address; other network devices are configured and updated with private IP addresses and routes by said cluster management device; said network management device manages the network devices in the cluster according to the following steps of: (A) establishing IP data channels via said cluster management device between the network devices in the cluster and said network management device by said cluster management device; and (B) managing the network devices in the cluster through said IP data channels by said network management device.
2. The method according to claim 1, wherein said cluster management device configures and updates other network devices with private IP addresses and routes according to information of topological architecture of the network and device information of the network devices in the cluster.
3. The method according to claim 2, wherein said cluster management device configures the other network devices with private IP addresses dynamically.
4. The method according to claim 1, wherein said cluster comprises a plurality of said cluster management devices, and one of the cluster management devices is responsible for managing the configuration and update of private IP addresses and routes of the network devices in the cluster as well as the communication between said network management device and the network devices in the cluster; in case said cluster management device fails, one of the other cluster management devices is designated to be responsible for managing the configuration and update of private IP addresses and routes of the network devices in the cluster as well as the communication between said network management device and the network devices in the cluster, according to a predetermined policy.
5. The method according to claim 4, wherein in step (A), said cluster management device establishes IP data channels via said cluster management device between the network devices in the cluster and said network management device with stream transform technology.
6. The method according to claim 4, wherein in step (A), said cluster management device establishes IP data channels via said cluster management device between the network devices in the cluster and said network management device with network address translation technology.
7. The method according to claim 4, wherein the plurality of network devices compose a cluster through the following steps: (1) designating a device in the network as the cluster management device and configuring the device correspondingly by the network management device; (2) initiating a topology acquisition process to acquire information of topological architecture of the network within a specified number of hops in the network by the cluster management device; (3) designating candidate devices to be added to the cluster in the topological architecture according to the information of topological architecture acquired from the cluster management device, and informing the cluster management device to start the cluster member device addition process by the network management device; (4) adding the designated candidate devices to the cluster and configures the candidate devices correspondingly by the cluster management device, so as to make the candidate devices become member devices of the cluster; (5) after the cluster is established, managing the member devices in the cluster by the cluster management device, and forwarding management messages which are from outside of the cluster and destined to the member devices through standard Network Address Translation (NAT) process to corresponding member devices to process, and processing the management messages according to normal processing process by the member devices.
8. The method according to claim 7, wherein said configuring the cluster management device correspondingly as described in step (1) includes configuring the following items on the device: cluster name, enable state of cluster, management IP address pool of cluster, state retention time of cluster, handshaking time interval of member devices, role of the cluster management device in the cluster, and IP address of the cluster management device.
9. The method according to claim 7, wherein the process of adding candidate network devices to the cluster in step (4) comprises: (A1) sending cluster addition requests to candidate network devices that can be added to the cluster by the cluster management device; (A2) determining whether it can be added to the cluster or not according to its own condition by each candidate device; if the candidate device can not be added to the cluster, feeding back a reject response and terminating the cluster addition process; otherwise feeding back an accept response to the cluster management device; (A3) after receiving the response from the candidate device and if the candidate device agrees to be added to the cluster, sending a configuration message containing private IP address, member number, handshaking interval, state retention time, etc. to said candidate device by the cluster management device; after receiving the message, configuring the candidate device correspondingly, and sending a complete response to the cluster management device after the configuration.
10. The method according to claim 9, wherein in step (A2), determining whether the candidate device itself can be added to the cluster is implemented through determining whether the candidate device has already been in another cluster and whether software version in the candidate device supports cluster management.
11. The method according to claim 9, wherein in step (A2), before feeding back the accept response to be added to the cluster to the cluster management device, the candidate device will determine whether a super user password is set on itself; if a super user password has not been set, the candidate device feeds back the accept response message to be added to the cluster directly; if a super user password has been set, the candidate device feeds back an authentication request to the cluster management device; then, the candidate device authenticates itself according to the authentication information sent from the management device; if the authentication is successful, the candidate device feeds back the accept response to be added to the cluster; otherwise feeds back a reject response to be added to the cluster to the cluster management device.
12. The method according to claim 7, wherein the necessary configuration for each member device added to the cluster in step (4) includes configuring each member device with the following items: member device number, private IP address of member device, name of member device, state of member device, operating state of member device, and cluster management password.
13. The method according to claim 7, wherein the configuration of each member device added to the cluster in step (4) is performed with a data structure comprising the following fields: network type: designed to identify the type of network where the device is; physical address: designed to identify the physical address of the device in the network.
14. A cluster management apparatus for network devices comprising: a cluster device manager and a member device connected with the cluster device manager, wherein: the cluster device manager comprises: an address translation module, designed to perform network address translation for management messages of member devices; a Dynamic Host Configuration Protocol (DHCP)-like module, designed to accomplish allocation of private IP addresses to member network devices; a first cluster member management module, which is connected with the address translation module A11, the DHCP-like module A12 and a topological information processing module A14 individually, and designed to manage member network devices in a concentrate manner, and to forward management messages, which are from outside of the cluster and destined to member devices, to respective member devices to process, so that the member devices can process the management messages according to normal processing process; a first topological information processing module, designed to detect the topological architecture of network and to acquire the information of topological architecture of network within a specified number of hops in the network; the member device comprises: a second cluster member management module, designed to accomplish cluster management at the member device end; a second topological information processing module, designed to accomplish detection of adjacent devices and response/forwarding of topology acquisition requests.
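
The candidate-side decision of claims 9 to 11 and the manager-side steps (A1) to (A3) can be modelled as below. This is an added example, not code from the patent; the class and function names, the password-as-bytes authentication format, the constant-time comparison and the interval values are assumptions made for illustration.

```python
import hmac
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

def make_pool(cidr):
    """Management IP address pool of the cluster as an iterator of hosts."""
    return iter(ipaddress.ip_network(cidr).hosts())

@dataclass
class Candidate:
    mac: str
    supports_cluster: bool = True           # software version supports clustering
    cluster: Optional[str] = None           # cluster the device already belongs to
    super_password: Optional[bytes] = None  # None: no super user password set
    config: dict = field(default_factory=dict)

    def join_request(self, auth: Optional[bytes] = None) -> str:
        # (A2) reject if already in a cluster or the software lacks support
        if self.cluster is not None or not self.supports_cluster:
            return "reject"
        if self.super_password is None:     # claim 11: accept directly
            return "accept"
        if auth is None:
            return "auth_required"
        ok = hmac.compare_digest(auth, self.super_password)
        return "accept" if ok else "reject"

    def configure(self, cluster: str, message: dict) -> str:
        self.cluster, self.config = cluster, dict(message)
        return "complete"

def add_member(cluster, pool, number, cand, auth=None):
    """Manager side of (A1)-(A3); returns the configuration sent, or None."""
    reply = cand.join_request()             # (A1) addition request
    if reply == "auth_required":
        reply = cand.join_request(auth) if auth is not None else "reject"
    if reply != "accept":
        return None                         # no address is consumed
    message = {"private_ip": str(next(pool)), "member_number": number,
               "handshake_interval": 10, "state_retention": 60}  # constructed
    return message if cand.configure(cluster, message) == "complete" else None
```

In this model a candidate with no super user password accepts on the request alone, so an inventory of which devices have that password set shows which ones authenticate the cluster management device before joining.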